Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ffmpeg
(Ffmpeg)| Repositories | https://github.com/FFmpeg/FFmpeg |
| #Vulnerabilities | 458 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-06-19 | CVE-2014-125022 | A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function shorten_decode_frame of the component Bitstream Buffer. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. | Ffmpeg | 5.5 | ||
| 2022-06-19 | CVE-2014-125025 | A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function decode_pulses. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. | Ffmpeg | 5.5 | ||
| 2022-06-19 | CVE-2014-125024 | A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function lag_decode_frame. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. | Ffmpeg | 7.8 | ||
| 2019-09-05 | CVE-2019-15942 | FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer. | Ffmpeg | 8.8 | ||
| 2019-04-19 | CVE-2019-11338 | libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data. | Ubuntu_linux, Debian_linux, Ffmpeg, Suse_package_hub_for_suse_linux_enterprise | 8.8 | ||
| 2018-02-28 | CVE-2018-7557 | The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data. | Debian_linux, Ffmpeg | 6.5 | ||
| 2018-08-23 | CVE-2018-15822 | The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure. | Ubuntu_linux, Debian_linux, Ffmpeg | 7.5 | ||
| 2019-03-12 | CVE-2019-9718 | In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. | Ubuntu_linux, Debian_linux, Ffmpeg | 6.5 | ||
| 2019-03-12 | CVE-2019-9721 | A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. | Ubuntu_linux, Ffmpeg | 6.5 | ||
| 2020-04-28 | CVE-2020-12284 | cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check. | Ubuntu_linux, Debian_linux, Ffmpeg | 9.8 |